This is the final article of a five-part series that looks at the area of HIPAA law known as “Technical Safeguards.” Technical safeguards are designed to protect electronic Protected Health Information from internal and external risks. Implementation of these safeguards is required by law, and helps you avoid costly fines. In this brief article, we address “Transmission Security,” Regulation §164.312(e)(1).
What is Transmission Security?
If you send electronic Protected Health Information (ePHI) via email or other electronic means to providers outside your secure network, patients, insurers or other businesses; you must implement security measures to protect that information.
Implementation Specifications
There are two implementation specifications:
Integrity Controls
In this context, integrity controls ensure that ePHI is not improperly modified during email transmission.¹ I.e., you want to make sure the data you send is the same data that’s received.
Encryption is a security method that converts data (information) into a code or unreadable text while it is being transmitted. Once received, the information is converted back to readable text.
How do you best implement the “Transmission Security” Standards?
- Install end-to-end encryption to make sure your email is encrypted at all points in the transmission process
- You want the highest number when it comes to encryption (i.e. 256, 1024, 2048-bit), because the higher the level, the stronger the security
- Use a secure, cloud-based email platform hosted on its own HIPAA-compliant server
It’s important to note that encrypted does not mean HIPAA-compliant—unless the other four HIPAA Technical Safeguards are also met.